From 8782f0e287df2a2fd9f9dfb3f0e1589cc15a4f91 Mon Sep 17 00:00:00 2001 From: Aleksandr Razumov Date: Sun, 15 Dec 2019 20:57:23 +0300 Subject: Set CPU number to CPU quota When application is not cgroups-aware, it can spawn excessive threads which often defaults to CPU number. Introduce a opt-in flag that will set CPU number accordingly to CPU quota (if available). Fixes #1391 --- runsc/cgroup/cgroup.go | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'runsc/cgroup/cgroup.go') diff --git a/runsc/cgroup/cgroup.go b/runsc/cgroup/cgroup.go index ab3a25b9b..653ca5f52 100644 --- a/runsc/cgroup/cgroup.go +++ b/runsc/cgroup/cgroup.go @@ -101,6 +101,14 @@ func getValue(path, name string) (string, error) { return string(out), nil } +func getInt(path, name string) (int, error) { + s, err := getValue(path, name) + if err != nil { + return 0, err + } + return strconv.Atoi(strings.TrimSpace(s)) +} + // fillFromAncestor sets the value of a cgroup file from the first ancestor // that has content. It does nothing if the file in 'path' has already been set. func fillFromAncestor(path string) (string, error) { @@ -323,6 +331,22 @@ func (c *Cgroup) Join() (func(), error) { return undo, nil } +func (c *Cgroup) CPUQuota() (float64, error) { + path := c.makePath("cpu") + quota, err := getInt(path, "cpu.cfs_quota_us") + if err != nil { + return -1, err + } + period, err := getInt(path, "cpu.cfs_period_us") + if err != nil { + return -1, err + } + if quota <= 0 || period <= 0 { + return -1, err + } + return float64(quota) / float64(period), nil +} + // NumCPU returns the number of CPUs configured in 'cpuset/cpuset.cpus'. func (c *Cgroup) NumCPU() (int, error) { path := c.makePath("cpuset") -- cgit v1.2.3 From 4af39dd1c522f7852312ecbfd3678892fc656322 Mon Sep 17 00:00:00 2001 From: Fabricio Voznika Date: Fri, 24 Apr 2020 18:15:26 -0700 Subject: Propagate PID limit from OCI to sandbox cgroup Closes #2489 PiperOrigin-RevId: 308362434 --- runsc/cgroup/cgroup.go | 14 ++++++++++++-- test/root/cgroup_test.go | 6 ++++++ 2 files changed, 18 insertions(+), 2 deletions(-) (limited to 'runsc/cgroup/cgroup.go') diff --git a/runsc/cgroup/cgroup.go b/runsc/cgroup/cgroup.go index 653ca5f52..fa40ee509 100644 --- a/runsc/cgroup/cgroup.go +++ b/runsc/cgroup/cgroup.go @@ -45,13 +45,13 @@ var controllers = map[string]controller{ "memory": &memory{}, "net_cls": &networkClass{}, "net_prio": &networkPrio{}, + "pids": &pids{}, // These controllers either don't have anything in the OCI spec or is - // irrevalant for a sandbox, e.g. pids. + // irrelevant for a sandbox. "devices": &noop{}, "freezer": &noop{}, "perf_event": &noop{}, - "pids": &noop{}, "systemd": &noop{}, } @@ -525,3 +525,13 @@ func (*networkPrio) set(spec *specs.LinuxResources, path string) error { } return nil } + +type pids struct{} + +func (*pids) set(spec *specs.LinuxResources, path string) error { + if spec.Pids == nil { + return nil + } + val := strconv.FormatInt(spec.Pids.Limit, 10) + return setValue(path, "pids.max", val) +} diff --git a/test/root/cgroup_test.go b/test/root/cgroup_test.go index 8876d0d61..d0634b5c3 100644 --- a/test/root/cgroup_test.go +++ b/test/root/cgroup_test.go @@ -199,6 +199,12 @@ func TestCgroup(t *testing.T) { want: "750", skipIfNotFound: true, // blkio groups may not be available. }, + { + arg: "--pids-limit=1000", + ctrl: "pids", + file: "pids.max", + want: "1000", + }, } args := make([]string, 0, len(attrs)) -- cgit v1.2.3